<!DOCTYPE html>
<html>
<head>
<title>Geolocation On An Insecure Sandboxed Origin</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/resources/get-host-info.js"></script>
</head>
<body></body>
<script>
    if (window.testRunner) {
        testRunner.overridePreference(
            "WebKitStrictPowerfulFeatureRestrictions", true);
        testRunner.overridePreference(
            "WebKitAllowRunningInsecureContent", true);
    }

    async_test(function() {
    window.addEventListener("message", this.step_func(function(event) {
        assert_equals(
            event.data.message,
            'Only secure origins are allowed ' +
            '(see: https://goo.gl/Y0ZkNV).');

            this.done();
        }));

        var iframe = document.createElement("iframe");
        iframe.sandbox = "allow-scripts allow-same-origin";
        iframe.src = get_host_info().UNAUTHENTICATED_ORIGIN +
                     "/security/powerfulFeatureRestrictions/resources/" +
                     "geolocation-in-iframe.html";
        document.body.appendChild(iframe);
    }, "Geolocation on an unauthenticated sandboxed origin");
</script>
</html>
